Chapter 09 - Risk Management: Controlling RiskTRUE/FALSE1.The defense risk control strategy may be accomplished by rethinking how services are offered and outsourcing to other organizations, among other strategies.
PTS:1REF:3152.Risks can be avoided by countering the threats facing an asset or by eliminating the exposure of an asset.
PTS:1REF:3163.The criterion most commonly used when evaluating a strategy to implement InfoSec controlsand safeguards is economic feasibility.
PTS:1REF:3214.Unlike other risk management frameworks, FAIR relies on the qualitative assessment of many risk components using scales with value ranges.
PTS:1REF:3345.The ISO 27005 Standard for InfoSec Risk Management includes a five-stage management methodology; among them are risk treatment and risk communication.
PTS:1REF:334MULTIPLE CHOICE1.Application of training and education is a common method of which risk control strategy?
PTS:1REF:3152.Which of the following describes an organization’s efforts to reduce damage caused by a realized incident or disaster?
PTS:1REF:3163.Strategies to limit losses before and during a disaster is covered by which of the following plans in the mitigation control approach?
PTS:1REF:3174.The only use of the acceptance strategy that industry practices recognize as valid occurs when the organization has done all but which of the following?